[Samba] winbind - security hole?

Volker Lendecke Volker.Lendecke at SerNet.DE
Mon Mar 20 08:38:12 GMT 2006

On Mon, Mar 20, 2006 at 08:54:22AM +0100, Roland Schwarz wrote:
> Consequently if someone is having root access on any single workstation,
> he can modify the mapping at will to get root access to the entire
> domain. The only remedy I can see is to disallow root access on all
> workstations (which is a very undesirable fact).

But right now the only possibility.

> Are I am missing something, or is there a different setup possible to
> omit this security loophole?

No, you are right. In Samba trunk we have started working on
the unixinfo RPC pipe that eventually will fix this. But
it's not finished yet.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20060320/572c8511/attachment.bin

More information about the samba mailing list